AMENDMENTS TO THE CLAIMS 



Cancel Claims 15, 20 and 21 without prejudice. Please accept amended Claims 11, 13 and 22
and new Claims 23-28 as follows:

1-10 (Cancelled).

11. (Currently Amended) A method for ensuring that a processor will execute only authorized
code, said method comprising:

reading a certificate including a first public key into a protected memory;

validating said certificate with a second public key permanently stored on said processor;

applying an original digital signature to all authorized code;

storing said signed reading a signed authorized code in a into said protected memory,
wherein said protected memory is cryptographically protected;

preparing to execute said signed authorized code from the protected memory by verifying a
digital signature used to sign said signed authorized code in accordance with a said first public
key, which corresponds to said original digital signature; and

branching to a copy of said signed
authorized code in said protected memory to begin execution and performing inline decryption
of the copy of said signed authorized code in said protected memory upon verifying said digital
signature.

12. (Cancelled)



13. (Currently Amended) A method as recited in claim 11 wherein the integrity of the contents of
said protected memory is protected by encryption using a cryptographic key stored on said
processor.

14. (Original) A method as recited in claim 11 wherein said protected memory is physically
protected. 

15. (Cancelled) 

16. (Original) A method as recited in claim 11 wherein the integrity of said authorized code is
protected at run time. 

17. (Original) A method as recited in claim 16 wherein the integrity of said authorized code is 
protected with symmetric key encryption. 

18. (Original) A method as recited in claim 11 wherein the privacy of said authorized code is
protected at run time. 

19. (Original) A method as recited in claim 18 wherein the privacy of said authorized code is 
protected at run time with symmetric key encryption. 

20-21. (Cancelled) 



22. (Currently Amended) A program storage device readable by machine, tangibly embodying a 
program of instructions executable by the machine to perform program steps for ensuring that a
processor will execute only authorized code, the program steps comprising: 

reading a certificate including a first public key into a protected memory; 

validating said certificate with a second public key permanently stored on said processor; 

applying an original digital signature to all authorized code; 

storing said signed reading a signed authorized code in a into said protected memory,
wherein said protected memory is cryptographically protected;

preparing to execute said signed authorized code from the protected memory by verifying a
digital signature used to sign said signed authorized code in accordance with a said first public
key, which corresponds to said original digital signature; and

if said original digital signature is verified, then branching to a copy of said signed
authorized code in said protected memory to begin execution and performing inline decryption
of the copy of said signed authorized code in said protected memory upon verifying said digital
signature.

23. (New) A computing device for securely executing authorized code, said computing device 
comprising: 

a protected memory for storing signed authorized code, which contains an original digital 
signature, wherein said protected memory is cryptographically protected; and 

a processor in signal communication with said protected memory for preparing to execute
said signed authorized code from the protected memory by verifying that a digital signature
contained in of said signed authorized code is original in accordance with a first public key
stored in said protected memory and validated by a second public key permanently stored on said
processor, and if said original digital signature is verified, then branching to a copy of said
authorized code in said protected memory to begin execution.

24. (New) A computing device as recited in claim 23 wherein the integrity of the contents of said 
protected memory is protected by encryption. 

25. (New) A computing device as recited in claim 23 wherein said protected memory is 
physically protected. 

26. (New) A computing device as recited in claim 23 wherein at least one of the integrity of said 
authorized code and the privacy of said authorized code is protected at run time. 

27. (New) A computing device as recited in claim 23 wherein the integrity of said signed 
authorized code is protected at run time with symmetric key encryption. 

28. (New) A computing device as recited in claim 23, wherein the privacy of said signed 
authorized code is protected at run time with symmetric key encryption. 
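
The two-level verification recited in claims 11, 22 and 23 can be traced in code; the following Python sketch is an added illustration and is not part of the filing. It assumes textbook RSA over fixed Mersenne primes as a stand-in signature scheme (not secure), a dictionary as a stand-in for the protected memory, and hypothetical names throughout; the cryptographic protection of that memory and the inline decryption step are not modelled.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes. Illustration only, not secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    n, d = priv
    return pow(digest(data), d, n)

def verify(pub, data, sig):
    n, e = pub
    return 0 <= sig < n and pow(sig, e, n) == digest(data)

def encode_pub(pub):
    return b"%d:%d" % pub

# Constructed sample keys (Mersenne primes, chosen only to keep the example deterministic).
ROOT_PUB, ROOT_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)  # "second public key", fixed on the processor
CODE_PUB, CODE_PRIV = toy_keypair(2**127 - 1, 2**521 - 1)  # "first public key", carried in the certificate

def make_certificate(issuer_priv, subject_pub):
    body = encode_pub(subject_pub)
    return {"key": body, "sig": sign(issuer_priv, body)}

def sign_image(priv, code):
    return {"code": code, "sig": sign(priv, code)}

def secure_boot(certificate, image, root_pub=ROOT_PUB):
    """Return the code to branch to, or None if any link in the chain fails."""
    protected = {"cert": dict(certificate)}      # read certificate into protected memory
    cert = protected["cert"]
    if not verify(root_pub, cert["key"], cert["sig"]):
        return None                              # certificate not issued under the root key
    first_pub = tuple(int(x) for x in cert["key"].split(b":"))
    protected["image"] = dict(image)             # read signed code into protected memory
    img = protected["image"]
    if not verify(first_pub, img["code"], img["sig"]):
        return None                              # code altered or signed by another key
    return img["code"]                           # branch target: the verified copy

# Constructed sample inputs.
CERT = make_certificate(ROOT_PRIV, CODE_PUB)
IMAGE = sign_image(CODE_PRIV, b"authorized firmware v1")
```

The signature check runs against the copy already held in the protected store, and that same copy is what is returned for execution, so the bytes verified and the bytes branched to cannot differ.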